CVE-2017-14585

Опубликовано: 27 нояб. 2017

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.

Ссылки

http://www.securityfocus.com/bid/101945
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html
Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-3526
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/101945
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html
Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-3526
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:hipchat_data_center:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.1.0 (исключая)

cpe:2.3:a:atlassian:hipchat_server:*:*:*:*:*:*:*:*

Версия от 2.2.0 (включая) до 2.2.6 (исключая)

EPSS

Процентиль: 82%

0.01753

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-7hgh-752m-38mj